GDPR Data minimization in action. Danish Data Protection Authority (Datatilsynet) finds cab company Taxa 4×35’s records retention practices in violation of the GDPR data minimization principle.
The cab company removed names from records after two years. For another three years, all ride records remained, together with the person’s phone number.
- The removal of a name does not constitute anonymization because taxi ride information (e.g pick up and drop off addresses) could still be linked to a person through the phone number.
- The five year retention for the phone number was longer than necessary for the purpose
- You cannot set a deletion deadline, three years longer than necessary, simply because your database or system makes it difficult to comply with the rules. Rather you need to fix your system, e.g by replacing phone numbers with random identifiers.
- You must adequately document your procedures for data deletion including: follow-up on the deletion of the systems correctly; handling reloading of previously deleted personal data when putting in backup; and logging deletions in the system